Spring cleaning

Technology | Hackers may be planning to steal millions of dollars from American bank accounts

For months, a secret, global network of would-be thieves apparently has been planning a massive bank heist. The targets? The websites of 30 U.S. banks, where the thieves intended to siphon millions of dollars from U.S. accounts in the spring of 2013.

In a new report, security firm McAfee described the scheme, which came to light in a Russian-language chat room last September. An internet user with the handle “vorVzakone”—which means “thief in law”—was recruiting hackers to help him attack U.S. banks using Trojan malware.

Although some people originally speculated “vorVzakone” was a Russian official conducting a sting operation, McAfee, after researching the issue, says the scheme is probably authentic and “appears to be moving forward as planned.”

According to McAfee, the thieves have already infected at least 300 U.S. computers with Trojans, although it’s not clear whether any money has been stolen. The malware would work by taking over bank customers’ computers and withdrawing money from their accounts. It would fool online banking websites because the transactions would appear to come from their own customers—rather than Russian thieves.

The heist was intended to target Chase, Wells Fargo, Charles Schwab, Capital One, Citibank, and eBay subsidiary PayPal, among others. It’s possible the hackers have abandoned the scheme now that it’s public, but McAfee researchers say banks shouldn’t count on that. The hackers may simply be operating more quietly.

U.S. banks often absorb financial losses from online fraud since federal law protects nonbusiness customers from liability. Although banks take measures to secure online transactions, their websites are subject to constant attacks. Last September the largest cyberattack in history temporarily disabled the websites of several large banks, including Chase and Bank of America, though no money was stolen.

Crash test

Driver, meet crash recorder—otherwise known as the black box. If your vehicle doesn’t already have one, it likely soon will: The U.S. Department of Transportation has proposed a rule that would require manufacturers to install the devices in all new vehicles. In the seconds before a crash, black boxes record an array of data, some of which indicate whether the driver was speeding, braking, or wearing a seat belt.

That information has obvious use to law enforcement and insurance companies trying to determine fault in an accident. Critics object that black box data could eventually become a privacy invasion—revealing, for instance, a person’s driving habits. It’s probably too late for such worries. Car manufacturers installed the devices on 96 percent of 2013 models voluntarily. —D.J.D.

Firewall spreads

China has taken another step to prevent its citizens from accessing internet services like Facebook, Google, and YouTube. The country’s web censorship network—often called the “Great Firewall”—recently began blocking virtual private networks. The private networks have provided a way for some Chinese to leap over the firewall by encrypting data so a third party (government censors, in this case) can’t decipher it. The Great Firewall blocks many Western social media services and websites that Communist officials find threatening. Beyond stifling Chinese liberties, the new crackdown could also harm companies that rely on virtual private networks to do business in China. —D.J.D.

Daniel James Devine

Daniel is a reporter for WORLD who covers science, technology, and other topics in the Midwest from his home base in Indiana. Follow Daniel on Twitter @DanJamDevine.